Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'eNMhlCAlhk' = '"<LS_APPDATA>\WZAbSxGVFa\Explorer.exe"'
- '<SYSTEM32>\svchost.exe' -o pool.minexmr.com:80 -u 45hc1Ra8Q7LQZ1ZQHuxTVmVFk63g1MnAsKicCnbHL4FeQNR48zc1gqBWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3yk2T28 -p x -v 0 -t 2
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\WZAbSxGVFa\Explorer.exe
- 'po##.#inexmr.com':80
- DNS ASK po##.#inexmr.com